World's Third-Largest Spam Botnet Is Knocked Offline for Good

Salutations, My Dearest One: I am writing to you this blog post with joy and happy feelings in my heart, bringing news that will be of great interest and benefit to you. Oh, beloved, there is indeed a special reason for why I have chosen to contact you in this moment of your day, I write to you now because of the urgency of our situation: the world's third-largest spam botnet was knocked offline, today—for good.

Yup. After a three-day effort, FireEye Malware Intelligence Lab succeeded in bringing down Grum, the malicious spam botnet that immediately before its demise was ranked behind just the Cutwail and Lethic botnets in size—and as recently as January was thought to be the most active spam generator in the world.

Until just days ago, Grum's servers in Russia, Panama, and the Netherlands were thought to be in control of as many as 100,000 infected "zombie" PCs, bots from which Grum was spewing out a whopping 18 percent of the world's internet spam. Between Monday and Tuesday, Grum's servers in the Netherlands and Panama were brought down, buckling under pressure from the local community and authorities alike, leaving the remains of the botnet's now-crippled infrastructure isolated in Russia.

...Or so the FireEye team thought. After the takedown of the two Dutch servers, six new Grum servers cropped up in Ukraine, an erstwhile safe haven for botnet servers, where takedowns are known to be difficult.

"FireEye, working with Russian CERT-GIB and Spamhaus, found each of these new CnC servers, took a heavy-handed approach in working with Russian ISPs and domain registrars, and took them down ... signaling the full shut down of the botnet."